I have a question regarding OBIEE 11.1.1.6.2 Active Directory configuration setup. Currently I have followed this blog http://paulcannon-bi.blogspot.com/2012/07/configuring-ldap-authentication-for.html and setup AD authentication along with the default authenticator by WLS.

We have setup four groups in AD and were planning to authenticate these users in these four groups only. Yes, now the AD users are able to login to OBIEE, however the issue here we are coming across is that everyone who is AD no matter if they below to either of these four groups or not are able to login.

Restricting the Answers and Dashboards permissions privileges to authenticated users and allowing only these 4 groups/roles from AD is what I was planning on but the business is planning to integrate more authentication systems in future and does not like this concept.

Is there a way to authentication to users from these 4 groups only in OBIEE 11.1.1.6.2

Have you created 4 different Roles for these 4 Groups in OBIEE? If not, do that and assign privileges in Analytics to those Roles only and remove the Authenticated User Role and BI Consumer Role from permissions. Also, are all users in AD in the same OU? What does your Group Base DN setting in Console for AD look like?

Deva as per your blog you have setup All users filter for this group "01UREG1GPCOBIEE" ( I am assuming all the users who are accessing OBIEE exist here or is this just another group in AD .?)

All Users Filter:
(&(memberof=CN=01UREG1GPCOBIEE,OU=GPCOBIEE,OU=APPS,DC=reg1,DC=Hex,DC=Tech,DC=com)(sAMAccountName=*)(objectclass=user))
User From Name Filter:
(&(memberof=CN=01UREG1GPCOBIEE,OU=GPCOBIEE,OU=APPS,DC=reg1,DC=Hex,DC=Tech,DC=com)(sAMAccountName=%u)(objectclass=user))

If we have 4 groups and use these group in All users Filter .? can we mention those 4 groups at a time here.?